From 3c0c394621e6e554048d4b5a48f037f28de6f17a Mon Sep 17 00:00:00 2001 From: Ery Lee Date: Tue, 24 Mar 2015 20:46:14 +0800 Subject: [PATCH] acl doc --- CHANGELOG.md | 16 ++++++++++ TODO | 30 +++++++++++-------- apps/emqttd/include/emqttd.hrl | 10 +++++-- apps/emqttd/src/emqttd_acl.erl | 29 ++++++++---------- apps/emqttd/src/emqttd_plugin.erl | 50 ++++++++++++++++++++++++++++++- doc/acl.md | 30 +++++++++++++++++++ doc/topic.md | 5 ++++ 7 files changed, 138 insertions(+), 32 deletions(-) create mode 100644 doc/acl.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 384dea81b..1dcd218fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ eMQTTD ChangeLog ================== +0.6.0-alpha (2015-03-28) +------------------------- + +ACL + +Plugin Architecture + + +0.5.4-alpha (2015-03-24) +------------------------- + +TODO: static, dynamic topics + +emqttd_pubsub to remove unused dynamic trie nodes... + + 0.5.4-alpha (2015-03-22) ------------------------- diff --git a/TODO b/TODO index 3b2531023..45a6095ac 100644 --- a/TODO +++ b/TODO @@ -1,18 +1,10 @@ - -v0.9.0-alpha (2015-03-20) +0.5.5 ------------------------- -emqtt_sm, emqtt_cm, emqtt_pubsub performance issue... +static, dynmaic, bridge types of topic and trie node -v0.8.0-alpha (2015-03-20) -------------------------- +try_to_remove topic node -MQTT/WebSocket - -v0.7.0-alpha (2015-03-20) -------------------------- - -Admin Console v0.6.0-alpha (2015-03-20) ------------------------- @@ -31,12 +23,26 @@ Mnesia ACL MySQL ACL - 0.6.0 ===== Tsung MQTT Test +v0.9.0-alpha (2015-03-20) +------------------------- + +emqtt_sm, emqtt_cm, emqtt_pubsub performance issue... + +v0.8.0-alpha (2015-03-20) +------------------------- + +MQTT/WebSocket + +v0.7.0-alpha (2015-03-20) +------------------------- + +Admin Console + one million connections test... diff --git a/apps/emqttd/include/emqttd.hrl b/apps/emqttd/include/emqttd.hrl index ef35e1210..fa7803d97 100644 --- a/apps/emqttd/include/emqttd.hrl 
+++ b/apps/emqttd/include/emqttd.hrl @@ -80,8 +80,14 @@ %% MQTT Authorization %%------------------------------------------------------------------------------ -%%{subscribe, From, Topic} -%%{publish, From, Topic} +%% {subscribe, From, Topic} +%% {publish, From, Topic} %%TODO: ClientId | Username --> Pub | Sub --> Topics +%%------------------------------------------------------------------------------ +%% MQTT Plugin +%%------------------------------------------------------------------------------ + +-record(mqtt_plugin, {name, version, attrs, description}). + diff --git a/apps/emqttd/src/emqttd_acl.erl b/apps/emqttd/src/emqttd_acl.erl index fc8d6dc49..bac1c28e3 100644 --- a/apps/emqttd/src/emqttd_acl.erl +++ b/apps/emqttd/src/emqttd_acl.erl @@ -22,33 +22,23 @@ %%% @doc %%% emqttd ACL. %%% +%%% Two types of authorization: +%%% +%%% subscribe topic +%%% publish to topic +%%% %%% @end %%%----------------------------------------------------------------------------- -module(emqttd_acl). -%%TODO: 0.6.0... - -% Three types of authorization -% -% 1. connection from -% 2. subscribe topic -% 3. publish to topic -% - -behaviour(gen_server). -define(SERVER, ?MODULE). -%% ------------------------------------------------------------------ %% API Function Exports -%% ------------------------------------------------------------------ - --export([start_link/0]). - -%% ------------------------------------------------------------------ -%% gen_server Function Exports -%% ------------------------------------------------------------------ +-export([start_link/0, allow/3]). +%% gen_server callbacks -export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2, code_change/3]). 
@@ -59,6 +49,11 @@ start_link() -> gen_server:start_link({local, ?SERVER}, ?MODULE, [], []). +allow(subscribe, User, Topic) -> + true; +allow(publish, User, Topic) -> + true. + %% ------------------------------------------------------------------ %% gen_server Function Definitions %% ------------------------------------------------------------------ diff --git a/apps/emqttd/src/emqttd_plugin.erl b/apps/emqttd/src/emqttd_plugin.erl index c5fbfe342..96531e877 100644 --- a/apps/emqttd/src/emqttd_plugin.erl +++ b/apps/emqttd/src/emqttd_plugin.erl @@ -27,4 +27,52 @@ -module(emqttd_plugin). --record(plugin, {name, app, attrs}). +-behaviour(gen_server). + +-define(SERVER, ?MODULE). + +%% API Function Exports +-export([start_link/0, allow/3]). + +%% gen_server callbacks +-export([init/1, handle_call/3, handle_cast/2, handle_info/2, + terminate/2, code_change/3]). + +%% ------------------------------------------------------------------ +%% API Function Definitions +%% ------------------------------------------------------------------ + +start_link() -> + gen_server:start_link({local, ?SERVER}, ?MODULE, [], []). + +allow(subscribe, User, Topic) -> + true; +allow(publish, User, Topic) -> + true. + +%% ------------------------------------------------------------------ +%% gen_server Function Definitions +%% ------------------------------------------------------------------ +init(Args) -> + {ok, Args}. + +handle_call(_Request, _From, State) -> + {reply, ok, State}. + +handle_cast(_Msg, State) -> + {noreply, State}. + +handle_info(_Info, State) -> + {noreply, State}. + +terminate(_Reason, _State) -> + ok. + +code_change(_OldVsn, State, _Extra) -> + {ok, State}. + +%% ------------------------------------------------------------------ +%% Internal Function Definitions +%% ------------------------------------------------------------------ + + diff --git a/doc/acl.md b/doc/acl.md new file mode 100644 index 000000000..cf0e88eb3 --- /dev/null +++ b/doc/acl.md 
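Review bot: Both clauses of the new `allow/3` in emqttd_acl.erl return `true` unconditionally, so any caller wired to this exported function gets allow-all authorization. doc/acl.md in the same commit describes `deny` rules, and nothing here evaluates them. Until rule evaluation exists, put a comment above the function such as `%% TODO: placeholder - permits every subscribe/publish; no ACL rules are evaluated yet`, so the fail-open result is not mistaken for a real decision. `User` and `Topic` are unused and will trigger unused-variable warnings; write the heads as `allow(subscribe, _User, _Topic) ->` and `allow(publish, _User, _Topic) ->`. The same stub is repeated in the emqttd_plugin.erl hunk.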
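Review bot: `allow/3` is exported from emqttd_plugin with the same always-`true` body as in emqttd_acl, which looks carried over from the ACL skeleton rather than intended as plugin API. It gives the codebase a second authorization entry point that can drift from the first. If it is not needed here, reduce the export to `-export([start_link/0]).` and drop the two clauses. The hunk also removes `-record(plugin, {name, app, attrs}).` in favour of `#mqtt_plugin{}` in emqttd.hrl, but nothing visible in the hunk includes that header or uses the record. A one-line comment after `-module(emqttd_plugin).` saying what state this server is meant to hold would make the skeleton easier to review.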
@@ -0,0 +1,30 @@ + +# ACL + +## Protocol + +Authentication of users and devices + +Authorization of access to Server resources + +An implementation may restrict access to Server resources based on information provided by the Client such as User Name, Client Identifier, the hostname/IP address of the Client, or the outcome of authentication mechanisms. + +Identify a MQTT User: Peername, ClientId, Username + + +## Access Rule + +allow | deny Who subscribe | publish Topic | all + +allow {clientid, {regexp, "abcd"}} subscribe "anna" +deny {clientid, "xxxx"} publish "#" +allow {clientid, "abcd"} publish "#" +allow {peername, "127.0.0.1"} subscribe "$SYS/#" +allow {peername, "127.0.0.1"} subscribe all +allow {clientid, "clientid"} subscribe "#" +allow {clientid, {regexp, "abcd"}} publish "anna" +allow all subscribe all +deny all subscribe all +allow all +deny all + diff --git a/doc/topic.md b/doc/topic.md index c087cdcfa..90c694c08 100644 --- a/doc/topic.md +++ b/doc/topic.md @@ -15,3 +15,8 @@ bridge: cretated when bridge... +## Create Topics + +emqttd_pubsub:create(Type, Name) +emqttd_pubsub:create(#topic{name = Name, node= node(), type = Type}). +